package jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

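/**
 * Demonstrates a login check that uses a parameterized query.
 *
 * <p>The user name and password are bound through {@link PreparedStatement} placeholders, so
 * they are sent to the database as values and never spliced into the SQL text. A value that
 * contains quote characters therefore cannot change the structure of the {@code WHERE} clause.
 */
public class JDBCDemo7 {
    /**
     * Runs the login query with a fixed user name and password and prints whether a row matched.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // NOTE(review): the query compares the password column directly with the supplied value,
        // which suggests passwords are stored in plaintext. Outside a demo, store a salted
        // password hash (bcrypt/scrypt/argon2) and verify it in application code.
        String sql = "SELECT id, username, password, nickname, age " +
                "FROM user " +
                "WHERE username = ? AND password = ?";

        // The statement is declared as a resource so it is closed even when executeQuery()
        // throws; the original only closed the connection.
        try (Connection connection = DBUtil.getConnection();
             PreparedStatement ps = connection.prepareStatement(sql)) {
            ps.setString(1, "小媛");
            ps.setString(2, "12345");

            // Alternative input kept for comparison: a password shaped like a SQL fragment.
            // Bound through setString it is compared as a literal password value and does not
            // alter the WHERE clause.
//            ps.setString(1,"草莓");
//            ps.setString(2,"1' OR '1 = '1'");

            try (ResultSet rs = ps.executeQuery()) {
                // Any returned row means the username/password pair matched.
                if (rs.next()) {
                    System.out.println("登录成功！");
                } else {
                    System.out.println("登录失败！");
                }
            }
        } catch (SQLException e) {
            // Demo-level error reporting; a real login path should log without exposing
            // database details to the user.
            e.printStackTrace();
        }
    }
}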
